Businesses are not doing enough to protect against software security flaws according to a report, effectively leaving the doors wide open to cyber criminals.
The latest Yearly Report from security outfit Secunia has shown that more should be done in the software industry to ensure that patching strategies are in place, with end point vulnerabilities on the rise.
The problem is stemming from third party non-Microsoft programs, with the number of vulnerabilities on end points increasing from 45 percent in 2006 to 78 percent last year. Third party programs are considered to be more difficult to keep updated, but the report highlighted how the majority of vulnerability disclosures were released on the day of discovery by firm responsible.
Despite this the report showed that there are considerably more problems emanating from third party software than from operating systems. Operating systems accounted for 12 percent of vulnerabilities, while Microsoft programs were accountable for just 10 percent.
However this still meant an increase to over 800 vulnerabilities according to the Secunia report, meaning that the number has increased threefold in just a few years. Of these over half were considered to be ‘Highly’ or ‘Extremely’ critical.
Stefan Frei, Research Analyst Director at Secunia said that the responsibility for so many vulnerabilities lay in lax attitudes amongst companies towards patching vulnerabilities. He claims a better approach to a strategy for implementing patches rather than doing so reactively can help stop major breaches in the long term.
The report did show that despite the increased risk of end point security, there was an overall decrease in the number of vulnerabilities last year. Following a high in 2006 vulnerabilities have in fact been falling in the long term.
At the top of the 20 major firms studies, vulberabillities were mainly seen among open source companies. Novell and Red Hat were two of the firms which saw increasing problems, while Microsoft and Google saw a reduction over the last year.